author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-10-30 15:58:20 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-10-30 15:58:20 +0300 |
commit | 7c37ef88d96e6e073d0465c4910f487adae0f245 (patch) | |
tree | 82c303c2a926e66e53db171703072409bc4dceb7 | |
parent | 9de3f08bc2d59576d74162ebfd16543f7b40c696 (diff) |
Add latest changes from gitlab-org/security/gitlab@16-3-stable-ee
-rw-r--r-- | app/mailers/emails/service_desk.rb | 6 | ||||
-rw-r--r-- | lib/gitlab/import_export/project/relation_factory.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/search/abuse_detection.rb | 32 | ||||
-rw-r--r-- | lib/gitlab/search/params.rb | 2 | ||||
-rw-r--r-- | package.json | 2 | ||||
-rw-r--r-- | spec/lib/gitlab/search/abuse_detection_spec.rb | 28 | ||||
-rw-r--r-- | spec/lib/gitlab/search/params_spec.rb | 18 | ||||
-rw-r--r-- | spec/mailers/emails/service_desk_spec.rb | 22 | ||||
-rw-r--r-- | yarn.lock | 95 |
9 files changed, 138 insertions, 69 deletions
diff --git a/app/mailers/emails/service_desk.rb b/app/mailers/emails/service_desk.rb index f609c9318da..e250f2bb809 100644 --- a/app/mailers/emails/service_desk.rb +++ b/app/mailers/emails/service_desk.rb @@ -195,7 +195,11 @@ module Emails end def issue_description - @issue.description_html.to_s + return '' if @issue.description_html.blank? + + # Remove references etc. from description HTML because external participants + # are no regular users and don't have permission to access them. + ::Banzai::Renderer.post_process(@issue.description_html, {}) end def subject_base diff --git a/lib/gitlab/import_export/project/relation_factory.rb b/lib/gitlab/import_export/project/relation_factory.rb index 895b6394673..0653f0e665d 100644 --- a/lib/gitlab/import_export/project/relation_factory.rb +++ b/lib/gitlab/import_export/project/relation_factory.rb @@ -82,6 +82,8 @@ module Gitlab private + attr_reader :relation_hash, :user + def invalid_relation? # Do not create relation if it is a legacy trigger legacy_trigger? diff --git a/lib/gitlab/search/abuse_detection.rb b/lib/gitlab/search/abuse_detection.rb index 8711d078ea9..75346e26b84 100644 --- a/lib/gitlab/search/abuse_detection.rb +++ b/lib/gitlab/search/abuse_detection.rb @@ -6,6 +6,7 @@ module Gitlab include ActiveModel::Validations include AbuseValidators + MAX_PIPE_SYNTAX_FILTERS = 5 ABUSIVE_TERM_SIZE = 100 ALLOWED_CHARS_REGEX = %r{\A[[:alnum:]_\-\/\.!]+\z}.freeze 
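Review bot: In `issue_description`, the protection rests on `post_process` being called with a context that carries no user, but the bare `{}` does not say so and could later be "improved" by passing a user or project. I would state the intent next to the call, e.g. `# The empty context is deliberate: with no user in it, references are resolved as for an anonymous reader.` This reading is inferred from the comment in the hunk, since the post-processing pipeline itself is not visible here, so please confirm it before adopting the wording. The enclosing module starts and ends outside the hunk.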
@@ -57,10 +58,18 @@ module Gitlab validates :query_string, :repository_ref, :project_ref, no_abusive_coercion_from_string: true - attr_reader(*READABLE_PARAMS) + validate :no_abusive_pipes, if: :detect_abusive_pipes - def initialize(params) - READABLE_PARAMS.each { |p| instance_variable_set("@#{p}", params[p]) } + attr_reader(*READABLE_PARAMS) + attr_reader :raw_params, :detect_abusive_pipes + + def initialize(params, detect_abusive_pipes: true) + @raw_params = {} + READABLE_PARAMS.each do |p| + instance_variable_set("@#{p}", params[p]) + @raw_params[p] = params[p] + end + @detect_abusive_pipes = detect_abusive_pipes end private @@ -76,6 +85,23 @@ module Gitlab def stop_word_search? STOP_WORDS.include? query_string end + + def no_abusive_pipes + pipes = query_string.to_s.split('|') + errors.add(:query_string, 'too many pipe syntax filters') if pipes.length > MAX_PIPE_SYNTAX_FILTERS + + pipes.each do |q| + self.class.new(raw_params.merge(query_string: q), detect_abusive_pipes: false).tap do |p| + p.validate + + p.errors.messages_for(:query_string).each do |msg| + next if errors.added?(:query_string, msg) + + errors.add(:query_string, msg) + end + end + end + end end end end diff --git a/lib/gitlab/search/params.rb b/lib/gitlab/search/params.rb index 6eb24a92be6..a7896b7d80d 100644 --- a/lib/gitlab/search/params.rb +++ b/lib/gitlab/search/params.rb @@ -81,7 +81,7 @@ module Gitlab end def search_terms - @search_terms ||= query_string.split.select { |word| word.length >= MIN_TERM_LENGTH } + @search_terms ||= query_string.split end def not_too_many_terms diff --git a/package.json b/package.json index 4f71c67a734..d472364dbc4 100644 --- a/package.json +++ b/package.json @@ -165,7 +165,7 @@ "marked-bidi": "^1.0.3", "mathjax": "3", "mdurl": "^1.0.1", - "mermaid": "10.1.0", + "mermaid": "10.5.0", "micromatch": "^4.0.5", "minimatch": "^3.0.4", "monaco-editor": "^0.30.1", 
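Review bot: `attr_reader :raw_params, :detect_abusive_pipes` is declared above `private`, so the unvalidated parameter hash becomes part of the public interface of the detector. As far as this diff shows, both readers are only used from inside the class (the `if:` condition and `no_abusive_pipes`), so they could move below `private` next to the other helpers. Separately, adding a keyword argument after the positional hash means a caller that still writes `new(scope: x)` without braces will no longer bind it to `params`. The specs are updated for this, but callers outside the diff are not visible and are worth a grep.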
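Review bot: In `no_abusive_pipes`, exceeding `MAX_PIPE_SYNTAX_FILTERS` only adds an error; the loop below still builds and validates a fresh detector for every segment. The work done by the abuse check therefore grows with the number of pipes, unless the caller has already bounded the query length (not visible in this hunk). Capping the iteration keeps the per-segment errors while bounding the cost: `pipes.first(MAX_PIPE_SYNTAX_FILTERS).each do |q|`. Note also that `split('|')` drops trailing empty segments, so trailing pipes are not counted; `split('|', -1)` would count them if that is intended.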
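Review bot: `search_terms` now counts every whitespace-separated word, but nothing in the method says why the length filter was dropped, so it could be reintroduced as an optimisation. A short comment would protect the fix, e.g. `# Count all terms, including very short ones, so the term limit applies to what the user actually sent.` If `MIN_TERM_LENGTH` has no other users after this change it can be removed; its definition is outside the hunk, so that is unconfirmed. The enclosing class continues outside the hunk.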
diff --git a/spec/lib/gitlab/search/abuse_detection_spec.rb b/spec/lib/gitlab/search/abuse_detection_spec.rb index f9a1d0211b9..cbf20614ba5 100644 --- a/spec/lib/gitlab/search/abuse_detection_spec.rb +++ b/spec/lib/gitlab/search/abuse_detection_spec.rb @@ -10,12 +10,12 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search describe 'abusive scopes validation' do it 'allows only approved scopes' do described_class::ALLOWED_SCOPES.each do |scope| - expect(described_class.new(scope: scope)).to be_valid + expect(described_class.new({ scope: scope })).to be_valid end end it 'disallows anything not approved' do - expect(described_class.new(scope: 'nope')).not_to be_valid + expect(described_class.new({ scope: 'nope' })).not_to be_valid end end @@ -55,14 +55,14 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search it 'considers non Integers to be invalid' do [:project_id, :group_id].each do |param| [[1, 2, 3], 'xyz', 3.14, { foo: :bar }].each do |dtype| - expect(described_class.new(param => dtype)).not_to be_valid + expect(described_class.new({ param => dtype })).not_to be_valid end end end it 'considers Integers to be valid' do [:project_id, :group_id].each do |param| - expect(described_class.new(param => 123)).to be_valid + expect(described_class.new({ param => 123 })).to be_valid end end end @@ -70,7 +70,7 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search describe 'query_string validation' do using ::RSpec::Parameterized::TableSyntax - subject { described_class.new(query_string: search) } + subject { described_class.new({ query_string: search }) } let(:validation_errors) do subject.validate 
@@ -82,11 +82,15 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search word | { query_string: ['stopword only abusive search detected'] } end - 'x' | { query_string: ['abusive tiny search detected'] } - ('x' * described_class::ABUSIVE_TERM_SIZE) | { query_string: ['abusive term length detected'] } - '' | {} - '*' | {} - 'ruby' | {} + (['apples'] * (described_class::MAX_PIPE_SYNTAX_FILTERS + 1)).join('|') | { query_string: ['too many pipe syntax filters'] } # rubocop:disable Layout/LineLength + (['apples'] * described_class::MAX_PIPE_SYNTAX_FILTERS).join('|') | {} + 'x' | { query_string: ['abusive tiny search detected'] } + 'apples|x' | { query_string: ['abusive tiny search detected'] } + ('x' * described_class::ABUSIVE_TERM_SIZE) | { query_string: ['abusive term length detected'] } + "apples|#{'x' * described_class::ABUSIVE_TERM_SIZE}" | { query_string: ['abusive term length detected'] } + '' | {} + '*' | {} + 'ruby' | {} end with_them do @@ -100,14 +104,14 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search it 'considers anything not a String invalid' do [:query_string, :scope, :repository_ref, :project_ref].each do |param| [[1, 2, 3], 123, 3.14, { foo: :bar }].each do |dtype| - expect(described_class.new(param => dtype)).not_to be_valid + expect(described_class.new({ param => dtype })).not_to be_valid end end end it 'considers Strings to be valid' do [:query_string, :repository_ref, :project_ref].each do |param| - expect(described_class.new(param => "foo")).to be_valid + expect(described_class.new({ param => "foo" })).to be_valid end end end diff --git a/spec/lib/gitlab/search/params_spec.rb b/spec/lib/gitlab/search/params_spec.rb index 3235a0b2126..3c64082aeeb 100644 --- a/spec/lib/gitlab/search/params_spec.rb +++ b/spec/lib/gitlab/search/params_spec.rb 
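Review bot: The new table rows cover the count limit and a bad segment after a good one, but not the edge cases of the split itself. I would add rows for a trailing pipe (`'apples|'`), an empty middle segment (`'apples||ruby'`) and a stop word inside a segment, so the intended result for each is pinned rather than left to `String#split` defaults. A row that is both over the limit and contains a tiny segment would also document whether both messages are expected together.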
@@ -17,7 +17,7 @@ RSpec.describe Gitlab::Search::Params, feature_category: :global_search do end it 'uses AbuseDetection by default' do - expect(Gitlab::Search::AbuseDetection).to receive(:new).and_call_original + expect(Gitlab::Search::AbuseDetection).to receive(:new).at_least(:once).and_call_original described_class.new(params) end end @@ -73,9 +73,21 @@ RSpec.describe Gitlab::Search::Params, feature_category: :global_search do end it 'validates AbuseDetector on validation' do - expect(Gitlab::Search::AbuseDetection).to receive(:new).and_call_original + expect(Gitlab::Search::AbuseDetection).to receive(:new).at_least(:once).and_call_original subject.validate end + + context 'when query has too many terms' do + let(:search) { Array.new((::Gitlab::Search::Params::SEARCH_TERM_LIMIT + 1), 'a').join(' ') } + + it { is_expected.not_to be_valid } + end + + context 'when query is too long' do + let(:search) { 'a' * (::Gitlab::Search::Params::SEARCH_CHAR_LIMIT + 1) } + + it { is_expected.not_to be_valid } + end end describe '#valid?' do @@ -89,7 +101,7 @@ RSpec.describe Gitlab::Search::Params, feature_category: :global_search do end it 'validates AbuseDetector on validation' do - expect(Gitlab::Search::AbuseDetection).to receive(:new).and_call_original + expect(Gitlab::Search::AbuseDetection).to receive(:new).at_least(:once).and_call_original subject.valid? end end diff --git a/spec/mailers/emails/service_desk_spec.rb b/spec/mailers/emails/service_desk_spec.rb index 8c0efe3f480..068ca08150a 100644 --- a/spec/mailers/emails/service_desk_spec.rb +++ b/spec/mailers/emails/service_desk_spec.rb 
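Review bot: In the two new contexts ("too many terms", "too long"), `it { is_expected.not_to be_valid }` passes for any validation failure, so it does not prove that the term-count or length check is the one that fired. The one-character terms used for the first case could plausibly be rejected for another reason. Asserting on the specific error after `subject.validate`, for example with `expect(subject.errors[:query_string]).to include(...)` and the real message, would tie each test to the limit it is meant to guard. The attribute name and message text are not visible in this diff and need to be taken from `Params`.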
@@ -210,6 +210,28 @@ RSpec.describe Emails::ServiceDesk, feature_category: :service_desk do let(:expected_template_html) { "<p dir=\"auto\">thank you, your new issue has been created. </p>#{issue.description_html}" } it_behaves_like 'a service desk notification email with template content', 'thank_you' + + context 'when GitLab-specific-reference is in description' do + let(:full_issue_reference) { "#{issue.project.full_path}#{issue.to_reference}" } + let(:other_issue) { create(:issue, project: project, description: full_issue_reference) } + + let(:template_content) { '%{ISSUE_DESCRIPTION}' } + let(:expected_template_html) { "<p data-sourcepos=\"1:1-1:22\" dir=\"auto\">#{full_issue_reference}</p>" } + + subject { ServiceEmailClass.service_desk_thank_you_email(other_issue.id) } + + before do + expect(Gitlab::Template::ServiceDeskTemplate).to receive(:find) + .with('thank_you', other_issue.project) + .and_return(template) + + other_issue.issue_email_participants.create!(email: email) + end + + it 'does not render GitLab-specific-reference links with title attribute' do + is_expected.to have_body_text(expected_template_html) + end + end end context 'when issue url placeholder is used' do diff --git a/yarn.lock b/yarn.lock index e295609732f..d37ff087e7f 100644 --- a/yarn.lock +++ b/yarn.lock 
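Review bot: The new example checks the security property only indirectly, by matching one exact HTML string, and `data-sourcepos="1:1-1:22"` in `expected_template_html` hard-codes the length of the generated reference. If the factory's project path changes length the test fails for an unrelated reason. A negative assertion would state the intent directly and survive such changes, e.g. `is_expected.not_to have_body_text('title=')` alongside a check that the reference text itself is present. The example name already says "links with title attribute", so the negative form matches it more closely.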
@@ -1000,10 +1000,10 @@ resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39" integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw== -"@braintree/sanitize-url@^6.0.0": - version "6.0.0" - resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-6.0.0.tgz#fe364f025ba74f6de6c837a84ef44bdb1d61e68f" - integrity sha512-mgmE7XBYY/21erpzhexk4Cj1cyTQ9LzvnTxtzM17BJ7ERMNE6W72mQRo0I1Ud8eFJ+RVVIcBNhLFZ3GX4XFz5w== +"@braintree/sanitize-url@^6.0.1": + version "6.0.4" + resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-6.0.4.tgz#923ca57e173c6b232bbbb07347b1be982f03e783" + integrity sha512-s3jaWicZd0pkP0jf5ysyHUI/RE7MHos6qlToFcGWXVp+ykHOy77OUMrfbgJ9it2C5bow7OIQwYYaHjk9XlBQ2A== "@csstools/selector-specificity@^2.0.1": version "2.0.1" @@ -1625,13 +1625,6 @@ resolved "https://registry.yarnpkg.com/@jsdevtools/ono/-/ono-7.1.3.tgz#9df03bbd7c696a5c58885c34aa06da41c8543796" integrity sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg== -"@khanacademy/simple-markdown@^0.8.6": - version "0.8.6" - resolved "https://registry.yarnpkg.com/@khanacademy/simple-markdown/-/simple-markdown-0.8.6.tgz#9c9aef1f5ce2ce60292d13849165965a57c26f25" - integrity sha512-mAUlR9lchzfqunR89pFvNI51jQKsMpJeWYsYWw0DQcUXczn/T/V6510utgvm7X0N3zN87j1SvuKk8cMbl9IAFw== - dependencies: - "@types/react" ">=16.0.0" - "@leichtgewicht/ip-codec@^2.0.1": version "2.0.3" resolved "https://registry.yarnpkg.com/@leichtgewicht/ip-codec/-/ip-codec-2.0.3.tgz#0300943770e04231041a51bd39f0439b5c7ab4f0" 
@@ -2217,6 +2210,23 @@ dependencies: "@types/node" "*" +"@types/d3-scale-chromatic@^3.0.0": + version "3.0.0" + resolved "https://registry.yarnpkg.com/@types/d3-scale-chromatic/-/d3-scale-chromatic-3.0.0.tgz#103124777e8cdec85b20b51fd3397c682ee1e954" + integrity sha512-dsoJGEIShosKVRBZB0Vo3C8nqSDqVGujJU6tPznsBJxNJNwMF8utmS83nvCBKQYPpjCzaaHcrf66iTRpZosLPw== + +"@types/d3-scale@^4.0.3": + version "4.0.5" + resolved "https://registry.yarnpkg.com/@types/d3-scale/-/d3-scale-4.0.5.tgz#daa4faa5438315a37a1f5eb1bcdc5aeb3d3e5a2d" + integrity sha512-w/C++3W394MHzcLKO2kdsIn5KKNTOqeQVzyPSGPLzQbkPw/jpeaGtSRlakcKevGgGsjJxGsbqS0fPrVFDbHrDA== + dependencies: + "@types/d3-time" "*" + +"@types/d3-time@*": + version "3.0.1" + resolved "https://registry.yarnpkg.com/@types/d3-time/-/d3-time-3.0.1.tgz#f0c8f9037632cc4511ae55e7e1459dcb95fb3619" + integrity sha512-5j/AnefKAhCw4HpITmLDTPlf4vhi8o/dES+zbegfPb7LaGfNyqkLxBR6E+4yvTAgnJLmhe80EXFMzUs38fw4oA== + "@types/debug@^4.0.0": version "4.1.7" resolved "https://registry.yarnpkg.com/@types/debug/-/debug-4.1.7.tgz#7cc0ea761509124709b8b2d1090d8f6c17aadb82" @@ -2401,11 +2411,6 @@ resolved "https://registry.yarnpkg.com/@types/prettier/-/prettier-2.6.1.tgz#76e72d8a775eef7ce649c63c8acae1a0824bbaed" integrity sha512-XFjFHmaLVifrAKaZ+EKghFHtHSUonyw8P2Qmy2/+osBnrKbH9UYtlK10zg8/kCt47MFilll/DEDKy3DHfJ0URw== -"@types/prop-types@*": - version "15.7.5" - resolved "https://registry.yarnpkg.com/@types/prop-types/-/prop-types-15.7.5.tgz#5f19d2b85a98e9558036f6a3cacc8819420f05cf" - integrity sha512-JCB8C6SnDoQf0cNycqd/35A7MjcnK+ZTqE7judS6o7utxUCg6imJg3QK2qzHKszlTjcj2cn+NwMB2i96ubpj7w== - "@types/qs@*": version "6.9.7" resolved "https://registry.yarnpkg.com/@types/qs/-/qs-6.9.7.tgz#63bb7d067db107cc1e457c303bc25d511febf6cb" 
@@ -2416,25 +2421,11 @@ resolved "https://registry.yarnpkg.com/@types/range-parser/-/range-parser-1.2.4.tgz#cd667bcfdd025213aafb7ca5915a932590acdcdc" integrity sha512-EEhsLsD6UsDM1yFhAvy0Cjr6VwmpMWqFBCb9w07wVugF7w9nfajxLuVmngTIpgS6svCnm6Vaw+MZhoDCKnOfsw== -"@types/react@>=16.0.0": - version "18.0.33" - resolved "https://registry.yarnpkg.com/@types/react/-/react-18.0.33.tgz#a1575160cb4376787c2f5fe0312302f824baa61e" - integrity sha512-sHxzVxeanvQyQ1lr8NSHaj0kDzcNiGpILEVt69g9S31/7PfMvNCKLKcsHw4lYKjs3cGNJjXSP4mYzX43QlnjNA== - dependencies: - "@types/prop-types" "*" - "@types/scheduler" "*" - csstype "^3.0.2" - "@types/retry@^0.12.0": version "0.12.1" resolved "https://registry.yarnpkg.com/@types/retry/-/retry-0.12.1.tgz#d8f1c0d0dc23afad6dc16a9e993a0865774b4065" integrity sha512-xoDlM2S4ortawSWORYqsdU+2rxdh4LRW9ytc3zmT37RIKQh6IHyKwwtKhKis9ah8ol07DCkZxPt8BBvPjC6v4g== -"@types/scheduler@*": - version "0.16.3" - resolved "https://registry.yarnpkg.com/@types/scheduler/-/scheduler-0.16.3.tgz#cef09e3ec9af1d63d2a6cc5b383a737e24e6dcf5" - integrity sha512-5cJ8CB4yAx7BH1oMvdU0Jh9lrEXyPkar6F9G/ERswkCuvP4KQZfZkSjcMbAICCpQTN4OuZn8tz0HiKv9TGZgrQ== - "@types/serve-index@^1.9.1": version "1.9.1" resolved "https://registry.yarnpkg.com/@types/serve-index/-/serve-index-1.9.1.tgz#1b5e85370a192c01ec6cec4735cf2917337a6278" @@ -4562,7 +4553,7 @@ cssstyle@^2.3.0: dependencies: cssom "~0.3.6" -csstype@^3.0.2, csstype@^3.1.0: +csstype@^3.1.0: version "3.1.2" resolved "https://registry.yarnpkg.com/csstype/-/csstype-3.1.2.tgz#1d4bf9d572f11c14031f0436e1c10bc1f571f50b" integrity sha512-I7K1Uu0MBPzaFKg4nI5Q7Vs2t+3gWWW648spaF+Rg7pI9ds18Ugn+lvg4SHczUdKlHI5LWBXyqfS8+DufyBsgQ== 
@@ -5446,11 +5437,16 @@ dommatrix@^1.0.3: resolved "https://registry.yarnpkg.com/dommatrix/-/dommatrix-1.0.3.tgz#e7c18e8d6f3abdd1fef3dd4aa74c4d2e620a0525" integrity sha512-l32Xp/TLgWb8ReqbVJAFIvXmY7go4nTxxlWiAFyhoQw9RKEOHBZNnyGvJWqDVSPmq3Y9HlM4npqF/T6VMOXhww== -dompurify@2.4.5, dompurify@^2.4.5: +dompurify@^2.4.5: version "2.4.5" resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-2.4.5.tgz#0e89a27601f0bad978f9a924e7a05d5d2cccdd87" integrity sha512-jggCCd+8Iqp4Tsz0nIvpcb22InKEBrGz5dw3EQJMs8HPJDsKbFIO3STYtAvCfDx26Muevn1MHVI0XxjgFfmiSA== +dompurify@^3.0.5: + version "3.0.6" + resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.0.6.tgz#925ebd576d54a9531b5d76f0a5bef32548351dae" + integrity sha512-ilkD8YEnnGh1zJ240uJsW7AzE+2qpbOUYjacomn3AvJ6J4JhKGSZ2nh4wUIXPZrEPppaCLx5jFe8T89Rk8tQ7w== + domutils@^2.5.2, domutils@^2.6.0: version "2.6.0" resolved "https://registry.yarnpkg.com/domutils/-/domutils-2.6.0.tgz#2e15c04185d43fb16ae7057cb76433c6edb938b7" @@ -8841,10 +8837,10 @@ mdast-util-find-and-replace@^2.0.0: unist-util-is "^5.0.0" unist-util-visit-parents "^4.0.0" -mdast-util-from-markdown@^1.0.0: - version "1.2.0" - resolved "https://registry.yarnpkg.com/mdast-util-from-markdown/-/mdast-util-from-markdown-1.2.0.tgz#84df2924ccc6c995dec1e2368b2b208ad0a76268" - integrity sha512-iZJyyvKD1+K7QX1b5jXdE7Sc5dtoTry1vzV28UZZe8Z1xVnB/czKntJ7ZAkG0tANqRnBF6p3p7GpU1y19DTf2Q== +mdast-util-from-markdown@^1.0.0, mdast-util-from-markdown@^1.3.0: + version "1.3.1" + resolved "https://registry.yarnpkg.com/mdast-util-from-markdown/-/mdast-util-from-markdown-1.3.1.tgz#9421a5a247f10d31d2faed2a30df5ec89ceafcf0" + integrity sha512-4xTO/M8c82qBcnQc1tgpNtubGUW/Y1tBQ1B0i5CtSoelOLKFYlElIr3bvgREYYO5iRqbMY1YuqZng0GVOI8Qww== dependencies: "@types/mdast" "^3.0.0" "@types/unist" "^2.0.0" 
@@ -9040,25 +9036,28 @@ merge2@^1.3.0, merge2@^1.4.1: resolved "https://registry.yarnpkg.com/merge2/-/merge2-1.4.1.tgz#4368892f885e907455a6fd7dc55c0c9d404990ae" integrity sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg== -mermaid@10.1.0: - version "10.1.0" - resolved "https://registry.yarnpkg.com/mermaid/-/mermaid-10.1.0.tgz#6e40d5250174f4750ca6548e4ee00f6ae210855a" - integrity sha512-LYekSMNJygI1VnMizAPUddY95hZxOjwZxr7pODczILInO0dhQKuhXeu4sargtnuTwCilSuLS7Uiq/Qn7HTVrmA== +mermaid@10.5.0: + version "10.5.0" + resolved "https://registry.yarnpkg.com/mermaid/-/mermaid-10.5.0.tgz#e90512a65b5c6e29bd86cd04ce45aa31da2be76d" + integrity sha512-9l0o1uUod78D3/FVYPGSsgV+Z0tSnzLBDiC9rVzvelPxuO80HbN1oDr9ofpPETQy9XpypPQa26fr09VzEPfvWA== dependencies: - "@braintree/sanitize-url" "^6.0.0" - "@khanacademy/simple-markdown" "^0.8.6" + "@braintree/sanitize-url" "^6.0.1" + "@types/d3-scale" "^4.0.3" + "@types/d3-scale-chromatic" "^3.0.0" cytoscape "^3.23.0" cytoscape-cose-bilkent "^4.1.0" cytoscape-fcose "^2.1.0" d3 "^7.4.0" + d3-sankey "^0.12.3" dagre-d3-es "7.0.10" dayjs "^1.11.7" - dompurify "2.4.5" + dompurify "^3.0.5" elkjs "^0.8.2" khroma "^2.0.0" lodash-es "^4.17.21" + mdast-util-from-markdown "^1.3.0" non-layered-tidy-tree-layout "^2.0.2" - stylis "^4.1.2" + stylis "^4.1.3" ts-dedent "^2.2.0" uuid "^9.0.0" web-worker "^1.2.0" 
@@ -12067,10 +12066,10 @@ stylelint@^14.9.1: v8-compile-cache "^2.3.0" write-file-atomic "^4.0.1" -stylis@^4.1.2: - version "4.1.3" - resolved "https://registry.yarnpkg.com/stylis/-/stylis-4.1.3.tgz#fd2fbe79f5fed17c55269e16ed8da14c84d069f7" - integrity sha512-GP6WDNWf+o403jrEp9c5jibKavrtLW+/qYGhFxFrG8maXhwTBI7gLLhiBb0o7uFccWN+EOS9aMO6cGHWAO07OA== +stylis@^4.1.3: + version "4.3.0" + resolved "https://registry.yarnpkg.com/stylis/-/stylis-4.3.0.tgz#abe305a669fc3d8777e10eefcfc73ad861c5588c" + integrity sha512-E87pIogpwUsUwXw7dNyU4QDjdgVMy52m+XEOPEKUn161cCzWjjhPSQhByfd1CcNvrOLnXQ6OnnZDwnJrz/Z4YQ== subscriptions-transport-ws@^0.11.0: version "0.11.0" |